Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/natanaelvich/rbac-saas_course-rocketseat-24

This is a study project focused on Role-Based Access Control (RBAC) using Next.js and Node.js, managed with Turborepo.
https://github.com/natanaelvich/rbac-saas_course-rocketseat-24

nextjs rbac saas

Last synced: 21 days ago
JSON representation

This is a study project focused on Role-Based Access Control (RBAC) using Next.js and Node.js, managed with Turborepo.

Host: GitHub
URL: https://github.com/natanaelvich/rbac-saas_course-rocketseat-24
Owner: Natanaelvich
Created: 2024-04-17T00:02:27.000Z (8 months ago)
Default Branch: main
Last Pushed: 2024-08-11T17:33:48.000Z (5 months ago)
Last Synced: 2024-08-11T21:01:36.052Z (5 months ago)
Topics: nextjs, rbac, saas
Language: TypeScript
Homepage:
Size: 1.29 MB
Stars: 3
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Next.js SaaS + RBAC

This project contains all the necessary boilerplate to setup a multi-tenant SaaS with Next.js including authentication and RBAC authorization.

## Features

### Authentication

- [ ] It should be able to authenticate using e-mail & password;

- [ ] It should be able to authenticate using Github account;

- [ ] It should be able to recover password using e-mail;

- [x] It should be able to create an account (e-mail, name and password);

### Organizations

- [ ] It should be able to create a new organization;

- [ ] It should be able to get organizations to which the user belongs;

- [ ] It should be able to update an organization;

- [ ] It should be able to shutdown an organization;

- [ ] It should be able to transfer organization ownership;

### Invites

- [ ] It should be able to invite a new member (e-mail, role);

- [ ] It should be able to accept an invite;

- [ ] It should be able to revoke a pending invite;

### Members

- [ ] It should be able to get organization members;

- [ ] It should be able to update a member role;

### Projects

- [ ] It should be able to get projects within a organization;

- [ ] It should be able to create a new project (name, url, description);

- [ ] It should be able to update a project (name, url, description);

- [ ] It should be able to delete a project;

### Billing

- [ ] It should be able to get billing details for organization ($20 per project / $10 per member excluding billing role);

## RBAC

Roles & permissions.

### Roles

- Owner (count as administrator)

- Administrator

- Member

- Billing (one per organization)

- Anonymous

### Permissions table

|                          | Administrator | Member | Billing | Anonymous |

| ------------------------ | ------------- | ------ | ------- | --------- |

| Update organization      | ✅            | ❌     | ❌      | ❌        |

| Delete organization      | ✅            | ❌     | ❌      | ❌        |

| Invite a member          | ✅            | ❌     | ❌      | ❌        |

| Revoke an invite         | ✅            | ❌     | ❌      | ❌        |

| List members             | ✅            | ✅     | ✅      | ❌        |

| Transfer ownership       | ⚠️            | ❌     | ❌      | ❌        |

| Update member role       | ✅            | ❌     | ❌      | ❌        |

| Delete member            | ✅            | ⚠️     | ❌      | ❌        |

| List projects            | ✅            | ✅     | ✅      | ❌        |

| Create a new project     | ✅            | ✅     | ❌      | ❌        |

| Update a project         | ✅            | ⚠️     | ❌      | ❌        |

| Delete a project         | ✅            | ⚠️     | ❌      | ❌        |

| Get billing details      | ✅            | ❌     | ✅      | ❌        |

| Export billing details   | ✅            | ❌     | ✅      | ❌        |

> ✅ = allowed

> ❌ = not allowed

> ⚠️ = allowed w/ conditions

#### Conditions

- Only owners may transfer organization ownership;

- Only administrators and project authors may update/delete the project;

- Members can leave their own organization;

## Api RBAC

### OAUTH GITHUB

- [Application Github](https://github.com/settings/applications/2561789)

- [Autorization Github](https://github.com/login/oauth/authorize?client_id=4ba89b0bbad3176d796b&redirect_uri=http://localhost:3000/api/auth/callback&scope=user:email)

## Deployment

### API Digital ocen kubernetes

- [Digital Ocean](https://cloud.digitalocean.com/kubernetes/clusters/f6f5e217-7f07-4383-b040-7179685c5922?i=e9829c)

- Download the kubeconfig file and set the KUBECONFIG environment variable to the path of the file.

  - export KUBECONFIG=$HOME/.kube/k8s-1-29-1-do-0-nyc1-1714488498527-kubeconfig.yaml

- [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)

  - kubectl get nodes

  - kubectl get pods

  - kubectl get services

  - kubectl get deployments

  - TODO: kubectl get ingress

- TODO: [Helm](https://helm.sh/docs/intro/install/)

  - helm install my-release bitnami/nginx

  - helm list

  - helm uninstall my-release

## Stress test

 ```bash

 artillery run ./stress-test.yml

    ```